Apple Wastes a Key Opportunity at Black Hat

During his highly anticipated talk, "iOS Security," Apple iOS security platform engineer Dallas de Atlas walked through a few of the built-in features in iOS 5, essentially regurgitating the first half of Apple's official whitepaper released last May. After going through the slides, Mr. de Atlas slipped out a side door without taking questions.

"That talk would have been awesome four years ago," said serial Apple hacker and Accuvant researcher, Charlie Miller. "Last year, Dino Dai Zovi gave a talk at Black Hat that went through the exact same things."

Miller was especially disappointed de Atlas didn't have a Q&A—Miller had plenty of questions (and rebuttals) prepared.

"I wanted to ask how they test apps submitted to the App Store and how they test their products. I also wanted to ask if there was really a remote kill switch, as rumored," Miller said. "There are a lot of things about their internal procedures the security community still doesn't know. But honestly, even if he just said 'no comment' to everything that would have been better than what he just did."

BitDefender head researcher Catalin Cosoi wanted to hear more about how Apple addresses data privacy. "Third parties can still take out data from the device and use it for other purposes, like blackmail, extortion, etc.," he said. "Even though they can be held responsible, let's be serious, users always allow access and never read the EULA."

In May, Apple published a 20-page whitepaper on built-in security features in iOS, like secure boot, personalization, code signing, and sandboxing. The paper was aimed at convincing IT departments that Apple security doesn't require "extensive configuration."

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true).
Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health).